Hello,
syzbot found the following issue on:
HEAD commit: d8525c0ee876 Template peers need to check xp->rdesession t..
git tree: openbsd
console output:
https://syzkaller.appspot.com/x/log.txt?x=159fcd06580000
kernel config:
https://syzkaller.appspot.com/x/.config?x=1bc15e68cd2a49e5
dashboard link:
https://syzkaller.appspot.com/bug?extid=96e50b1184ab4f28c0b6
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/8187b86291ba/disk-d8525c0e.raw.xz
bsd.gdb:
https://storage.googleapis.com/syzbot-assets/0bdf7f37caa7/bsd-d8525c0e.gdb.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/9547f183705a/kernel-d8525c0e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+96e50b...@syzkaller.appspotmail.com
panic: kernel diagnostic assertion "kd_lookup(kd->kd_unit) == NULL" failed: file "/syzkaller/managers/main/kernel/sys/dev/kcov.c", line 306
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*193794 85690 0 0 0x4000000 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83419cc9) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83456e3b,ffffffff83469028,132,ffffffff834c1036) at __assert+0x29 sys/kern/subr_prf.c:-1
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f kd_lookup sys/dev/kcov.c:478 [inline]
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f sys/dev/kcov.c:306
spec_open_clone(ffff80003c506e68) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c506e68) at spec_open+0x316 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8065346970,41,fffffd8007ffd618,ffff80002a7754d8) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff80003c5070c0,41,0) at vn_open+0x7a5 sys/kern/vfs_vnops.c:183
doopenat(ffff80002a7754d8,ffffff9c,200000000040,40,0,0,190133a8e123c6e0) at doopenat+0x352 sys/kern/vfs_syscalls.c:1155
sys_openat(ffff80002a7754d8,ffff80003c507360,ffff80003c5072b0) at sys_openat+0x58 sys/kern/vfs_syscalls.c:1094
syscall(ffff80003c507360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c507360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa33ca45c220, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: kernel diagnostic assertion "kd_lookup(kd->kd_unit) == NULL" failed: file "/syzkaller/managers/main/kernel/sys/dev/kcov.c", line 306
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83419cc9) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83456e3b,ffffffff83469028,132,ffffffff834c1036) at __assert+0x29 sys/kern/subr_prf.c:-1
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f kd_lookup sys/dev/kcov.c:478 [inline]
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f sys/dev/kcov.c:306
spec_open_clone(ffff80003c506e68) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c506e68) at spec_open+0x316 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8065346970,41,fffffd8007ffd618,ffff80002a7754d8) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff80003c5070c0,41,0) at vn_open+0x7a5 sys/kern/vfs_vnops.c:183
doopenat(ffff80002a7754d8,ffffff9c,200000000040,40,0,0,190133a8e123c6e0) at doopenat+0x352 sys/kern/vfs_syscalls.c:1155
sys_openat(ffff80002a7754d8,ffff80003c507360,ffff80003c5072b0) at sys_openat+0x58 sys/kern/vfs_syscalls.c:1094
syscall(ffff80003c507360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c507360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa33ca45c220, count: -12
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80003c506c50
rbx 0
rdx 0xffff8000015a9a80
rcx 0
rax 0xffff80002a7754d8
r8 0x101010101010101
r9 0x8080808080808080
r10 0x8d2447af84b4418f
r11 0xd4a5d14e3b40fbf6
r12 0
r13 0x2
r14 0
r15 0x1
rip 0xffffffff812dd435 db_enter+0x25
cs 0x8
rflags 0x246
rsp 0xffff80003c506c40
ss 0x10
db_enter+0x25: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=193794 pid=85690 tcnt=3 stat=onproc
flags process=0 proc=4000000<THREAD>
runpri=67, usrpri=68, slppri=32, nice=20
wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
forw=0xffffffffffffffff, list=0xffff80002a7747e0,0xffff80002a7a4800
process=0xffff8000ffffb198 user=0xffff80003c502000, vmspace=0xfffffd806cb26180
estcpu=18, cpticks=2, pctcpu=0.0, user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
47868 406435 55335 0 2 0 syz-executor
47868 75337 55335 0 3 0x4000080 fsleep syz-executor
70245 502240 58548 0 2 0 syz-executor
70245 267756 58548 0 3 0x4000080 fsleep syz-executor
94579 96555 3356 0 2 0 syz-executor
94579 10262 3356 0 3 0x4000080 fsleep syz-executor
94579 326006 3356 0 3 0x4000080 netacc syz-executor
94579 292413 3356 0 3 0x4000080 fsleep syz-executor
98700 186732 10784 0 2 0 syz-executor
98700 287822 10784 0 3 0x4000080 fsleep syz-executor
98700 228338 10784 0 3 0x4000080 fsleep syz-executor
98700 430512 10784 0 3 0x4000080 fsleep syz-executor
82247 207755 54439 0 2 0 syz-executor
82247 391583 54439 0 3 0x4000080 fsleep syz-executor
82247 479624 54439 0 3 0x4000080 fsleep syz-executor
88507 170096 77231 0 2 0 syz-executor
88507 41083 77231 0 3 0x4000080 fsleep syz-executor
88507 77400 77231 0 3 0x4000080 fsleep syz-executor
88507 162792 77231 0 3 0x4000080 fsleep syz-executor
85690 89122 70320 0 2 0 syz-executor
*85690 193794 70320 0 7 0x4000000 syz-executor
85690 309432 70320 0 3 0x4000080 fsleep syz-executor
47676 488244 17721 0 2 0 syz-executor
47676 174409 17721 0 3 0x4000080 fsleep syz-executor
47676 251433 17721 0 3 0x4000080 fsleep syz-executor
47676 286762 17721 0 3 0x4000080 fsleep syz-executor
46895 61260 0 0 3 0x14200 acct acct
55335 315851 53956 0 3 0x82 nanoslp syz-executor
17721 378074 53956 0 3 0x82 nanoslp syz-executor
54439 248079 53956 0 3 0x82 nanoslp syz-executor
10784 294002 53956 0 3 0x82 nanoslp syz-executor
3356 333533 53956 0 3 0x82 nanoslp syz-executor
77231 510058 53956 0 3 0x82 nanoslp syz-executor
70320 357927 53956 0 3 0x82 nanoslp syz-executor
58548 275729 53956 0 3 0x82 nanoslp syz-executor
53956 200286 52355 0 3 0x82 kqread syz-executor
52355 190489 50765 0 3 0x10008a sigsusp ksh
50765 370827 45091 0 3 0x98 kqread sshd-session
45091 84324 74381 0 3 0x92 kqread sshd-session
76949 36522 1 0 3 0x100083 ttyin getty
74381 28095 1 0 3 0x88 kqread sshd
69076 168293 69512 73 3 0x1100090 kqread syslogd
69512 110459 1 0 3 0x100082 sbwait syslogd
51633 138037 1 0 3 0x100080 kqread resolvd
31242 291339 34041 77 3 0x100092 kqread dhcpleased
84204 322804 34041 77 3 0x100092 kqread dhcpleased
34041 140013 1 0 3 0x80 kqread dhcpleased
84367 308005 0 0 3 0x14200 bored smr
60533 192468 0 0 2 0x14200 zerothread
25259 505192 0 0 3 0x14200 aiodoned aiodoned
31766 129443 0 0 3 0x14200 syncer update
73777 281927 0 0 3 0x14200 cleaner cleaner
52155 270550 0 0 3 0x14200 reaper reaper
17247 101891 0 0 3 0x14200 pgdaemon pagedaemon
34375 121431 0 0 3 0x14200 bored viomb
9439 184165 0 0 3 0x40014200 acpi0 acpi0
12035 361145 0 0 3 0x14200 bored softnet0
74212 279060 0 0 3 0x14200 bored systqmp
96678 61653 0 0 3 0x14200 bored systq
83911 13424 0 0 3 0x40014200 tmoslp softclock
68575 15124 0 0 3 0x40014200 idle0
1 344917 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim
devbuf 11025 12160K 12316K 166960K 12254 0
pcb 21 14K 15K 166960K 81 0
rtable 167 5K 7K 166960K 398 0
pf 26 12K 14K 166960K 47 0
ifaddr 28 4K 7K 166960K 51 0
ifgroup 39 1K 2K 166960K 65 0
sysctl 3 1K 9K 166960K 7 0
counters 30 17K 18K 166960K 38 0
ioctlops 0 0K 4K 166960K 73 0
iov 0 0K 12K 166960K 66 0
mount 1 1K 1K 166960K 1 0
log 0 0K 0K 166960K 4 0
vnodes 1302 82K 82K 166960K 1495 0
UFS quota 1 32K 32K 166960K 1 0
UFS mount 5 36K 36K 166960K 5 0
shm 2 1K 5K 166960K 3 0
VM map 2 1K 1K 166960K 2 0
sem 3 0K 0K 166960K 4 0
dirhash 12 2K 2K 166960K 12 0
ACPI 1692 195K 286K 166960K 12470 0
file desc 18 65K 97K 166960K 275 0
proc 58 59K 124K 166960K 508 0
subproc 74 4K 4K 166960K 76 0
NFS srvsock 1 0K 0K 166960K 1 0
NFS daemon 1 16K 16K 166960K 1 0
ip_moptions 0 0K 0K 166960K 32 0
in_multi 55 4K 6K 166960K 99 0
ether_multi 1 0K 0K 166960K 2 0
mrt 0 0K 0K 166960K 12 0
ISOFS mount 1 32K 32K 166960K 1 0
MSDOSFS mount 1 16K 16K 166960K 1 0
ttys 49 228K 228K 166960K 49 0
exec 0 0K 1K 166960K 373 0
fusefs mount 1 32K 32K 166960K 1 0
tdb 3 0K 0K 166960K 3 0
VM swap 8 62K 64K 166960K 10 0
UVM amap 244 143K 159K 166960K 4240 0
UVM aobj 6 2K 2K 166960K 6 0
pinsyscall 39 78K 96K 166960K 1366 0
memdesc 1 4K 4K 166960K 1 0
crypto data 1 1K 1K 166960K 1 0
ip6_options 0 0K 0K 166960K 4 0
NDP 8 0K 1K 166960K 32 0
temp 37 9066K 9130K 166960K 5275 0
kqueue 13 20K 24K 166960K 45 0
SYN cache 2 16K 16K 166960K 2 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb 120 50 0 47 1 0 1 1 0 8 0
rtentry 136 118 0 49 4 0 4 4 0 8 0
unpcb 144 89 0 71 1 0 1 1 0 8 0
syncache 336 10 0 10 2 1 1 1 0 8 1
tcpqe 32 2 0 2 2 1 1 1 0 8 1
tcpcb 736 96 0 84 2 0 2 2 0 8 0
arp 96 18 0 8 1 0 1 1 0 8 0
inpcb 328 360 0 330 8 5 3 7 0 8 0
nd6 112 25 0 13 1 0 1 1 0 8 0
kcovpl 48 8 0 0 1 0 1 1 0 8 0
ppxss 1072 3 0 3 2 1 1 1 0 8 1
pftag 88 1 0 0 1 0 1 1 0 8 0
pfqueue 320 8 0 0 1 0 1 1 0 8 0
pfrule 1360 4 0 3 1 0 1 1 0 8 0
art_heap8 4096 2 0 0 2 0 2 2 0 8 0
art_heap4 256 461 0 178 29 2 27 29 0 8 4
art_table 40 463 0 178 5 0 5 5 0 8 0
art_node 32 118 0 56 1 0 1 1 0 8 0
semapl 112 2 0 1 1 0 1 1 0 8 0
shmpl 112 3 0 0 1 0 1 1 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino2pl 256 1812 0 355 92 0 92 92 0 8 0
ffsino 256 1812 0 355 92 0 92 92 0 8 0
nchpl 144 2189 0 493 63 0 63 63 0 8 0
vnodes 216 1971 0 0 110 0 110 110 0 8 0
namei 1024 6389 0 6389 1 0 1 1 0 8 1
kstatmem 264 33 0 16 2 0 2 2 0 8 0
scsiplug 72 1 0 1 1 1 0 1 0 8 0
scxspl 216 6915 0 6915 3 2 1 3 1 8 1
plimitpl 152 52 0 35 1 0 1 1 0 8 0
sigapl 424 568 0 524 7 1 6 6 0 8 1
knotepl 120 7583 0 7536 2 0 2 2 0 8 0
kqueuepl 184 135 0 123 4 3 1 4 0 8 0
pipepl 304 119 0 92 3 0 3 3 0 8 0
fdescpl 448 554 0 524 5 1 4 5 0 8 0
filepl 120 2392 0 2151 13 5 8 12 0 8 0
lockfpl 104 35 0 32 1 0 1 1 0 8 0
lockfspl 48 18 0 15 1 0 1 1 0 8 0
sessionpl 144 22 0 14 1 0 1 1 0 8 0
pgrppl 48 30 0 14 1 0 1 1 0 8 0
ucredpl 104 192 0 181 1 0 1 1 0 8 0
zombiepl 144 567 0 567 1 0 1 1 0 8 1
processpl 1152 568 0 524 4 0 4 4 0 8 0
procpl 664 775 0 713 6 0 6 6 0 8 0
sockpl 552 500 0 449 8 4 4 7 0 8 0
mcl64k 65536 41 0 41 2 1 1 1 0 8 1
mcl16k 16384 14 0 14 2 1 1 1 0 8 1
mcl12k 12288 3 0 3 2 1 1 1 0 8 1
mcl9k128 9344 3 0 3 2 1 1 1 0 8 1
mcl8k 8192 34 0 34 1 0 1 1 0 8 1
mcl4k 4096 2779 0 2729 15 7 8 14 0 8 1
mcl2k2 2112 3 0 3 2 1 1 1 0 8 1
mcl2k 2048 247 0 247 2 1 1 2 0 8 1
mtagpl 96 4 0 4 1 1 0 1 0 8 0
mbufpl 256 6039 0 5915 11 0 11 11 0 8 0
bufpl 280 2468 0 102 169 0 169 169 0 8 0
anonpl 24 116207 0 112897 35 3 32 32 0 187 11
amapchunkpl 152 12478 0 11929 25 1 24 24 0 158 2
amappl16 200 2177 0 2155 5 3 2 5 0 8 0
amappl15 192 6 0 6 1 1 0 1 0 8 0
amappl14 184 408 0 407 1 0 1 1 0 8 0
amappl13 176 127 0 117 1 0 1 1 0 8 0
amappl12 168 795 0 766 2 0 2 2 0 8 0
amappl11 160 8 0 8 1 1 0 1 0 8 0
amappl10 152 63 0 53 1 0 1 1 0 8 0
amappl9 144 270 0 270 1 1 0 1 0 8 0
amappl8 136 100 0 99 1 0 1 1 0 8 0
amappl7 128 141 0 130 1 0 1 1 0 8 0
amappl6 120 153 0 152 1 0 1 1 0 8 0
amappl5 112 89 0 82 1 0 1 1 0 8 0
amappl4 104 265 0 249 1 0 1 1 0 8 0
amappl3 96 2312 0 2188 4 0 4 4 0 8 0
amappl2 88 510 0 459 2 0 2 2 0 8 0
amappl1 80 9916 0 9367 16 1 15 15 0 8 2
amappl 88 3519 0 3337 5 0 5 5 0 92 0
uvmvnodes 80 98 0 0 2 0 2 2 0 8 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma1024 1024 1 0 0 1 0 1 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma128 128 253 0 253 1 1 0 1 0 8 0
dma64 64 6 0 6 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 18 0 17 1 0 1 1 0 8 0
aobjpl 72 5 0 0 1 0 1 1 0 8 0
uaddrrnd 24 554 0 524 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 554 0 524 1 0 1 1 0 8 0
vmmpekpl 168 6157 0 6127 2 0 2 2 0 8 0
vmmpepl 168 43513 0 41678 92 2 90 90 0 357 9
vmsppl 368 553 0 524 4 1 3 4 0 8 0
rwobjpl 40 15361 0 14396 12 0 12 12 0 8 0
pdppl 4096 1114 0 1048 102 34 68 82 0 8 2
pvpl 32 276167 0 266956 95 1 94 94 0 265 16
pmappl 216 553 0 524 3 0 3 3 0 8 0
extentpl 40 45 0 27 1 0 1 1 0 8 0
phpool 112 371 0 51 10 0 10 10 0 8 0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83419cc9) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83456e3b,ffffffff83469028,132,ffffffff834c1036) at __assert+0x29 sys/kern/subr_prf.c:-1
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f kd_lookup sys/dev/kcov.c:478 [inline]
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f sys/dev/kcov.c:306
spec_open_clone(ffff80003c506e68) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c506e68) at spec_open+0x316 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8065346970,41,fffffd8007ffd618,ffff80002a7754d8) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff80003c5070c0,41,0) at vn_open+0x7a5 sys/kern/vfs_vnops.c:183
doopenat(ffff80002a7754d8,ffffff9c,200000000040,40,0,0,190133a8e123c6e0) at doopenat+0x352 sys/kern/vfs_syscalls.c:1155
sys_openat(ffff80002a7754d8,ffff80003c507360,ffff80003c5072b0) at sys_openat+0x58 sys/kern/vfs_syscalls.c:1094
syscall(ffff80003c507360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c507360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa33ca45c220, count: -12
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83419cc9) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff83456e3b,ffffffff83469028,132,ffffffff834c1036) at __assert+0x29 sys/kern/subr_prf.c:-1
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f kd_lookup sys/dev/kcov.c:478 [inline]
kcovopen(113d4,41,2000,ffff80002a7754d8) at kcovopen+0x14f sys/dev/kcov.c:306
spec_open_clone(ffff80003c506e68) at spec_open_clone+0x277 sys/kern/spec_vnops.c:722
spec_open(ffff80003c506e68) at spec_open+0x316 sys/kern/spec_vnops.c:148
VOP_OPEN(fffffd8065346970,41,fffffd8007ffd618,ffff80002a7754d8) at VOP_OPEN+0x82 sys/kern/vfs_vops.c:138
vn_open(ffff80003c5070c0,41,0) at vn_open+0x7a5 sys/kern/vfs_vnops.c:183
doopenat(ffff80002a7754d8,ffffff9c,200000000040,40,0,0,190133a8e123c6e0) at doopenat+0x352 sys/kern/vfs_syscalls.c:1155
sys_openat(ffff80002a7754d8,ffff80003c507360,ffff80003c5072b0) at sys_openat+0x58 sys/kern/vfs_syscalls.c:1094
syscall(ffff80003c507360) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80003c507360) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0xa33ca45c220, count: -12
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup